Internet Security Tips and Advice

Security Choices, Part 1: The Software Firewall

January 16th, 2008 by Igor Pankov

Abstract

This is the first in a series of introductory articles intended for less-experienced users who wish to learn more about the security product options available to them today. Others may also find these articles interesting as a concise summary, update and review of what is frequently a disparate collection of information. The goal of the series is to provide a balanced overview of currently-available categories of security solution, citing their main uses and capabilities as well as their limitations and drawbacks.

This first article focuses on software firewalls which, along with anti-virus software, are considered an essential part of computer security. We’ll be looking at anti-virus in the next article.

The Software Firewall

The firewall’s main task is to prevent malicious or unwanted connections between your computer and the network (usually the internet). Firewalls act like entrance guards – allowing authorized people (network traffic) in and out, and blocking less well-intentioned individuals (malicious or unauthorized connections) from entering or leaving, as determined by the boss (the PC user), and awaiting further instructions whenever they detect unknown activity (visitors with unknown IDs).

The firewall is considered a primary security element because it helps block unknown threats by denying them network access. Firewalls are proactive in their approach – they stop unknown connections, ask the user how these connection requests should be treated, and grant access only to those connections defined by the user as trusted. By blocking network access, firewalls block malware’s main propagation route – the Internet. Most of today’s threats – Trojans, botnets, worms and other malware – use the Internet to spread themselves and transmit stolen personal data to unauthorized individuals or entities.

Firewalls can hide a computer’s presence on the Internet so hackers can’t locate and exploit vulnerable machines. Some advanced firewalls also incorporate a list of known attacks and intrusions, automatically preventing those from reaching the PC. Firewalls can also be used to control the exchange of data in internal networks (such as a home network or office LAN), making sure data is sent to the designated recipient, preventing internal hacks and man-in-the-middle attacks.

Firewalls monitor and control traffic in both directions. Data received from the network is referred to as inbound, while data that is sent out is called outbound. Although the majority of today’s threats constitute breaches of outbound security, it’s imperative that both directions are monitored. Some of the more basic firewalls, including those supplied with Windows Vista and XP, don’t monitor outbound connections by default; they must be specifically configured to provide this protection.

Unlike typical anti-malware applications, firewalls are not signature-based, meaning they don’t need to identify a threat according to a known sample of that threat in order to block it. Instead, they ask the user whether a particular program should be allowed to connect to the network or not. This is the most difficult part of firewall operation for users because, understandably, most people are not equipped with the specialist knowledge needed to make this determination. They are not familiar with the specifics of networking or operating systems’ internal functions and cannot provide an informed answer to the firewall’s question.

So, to a certain extent, the firewall is only as secure as the user’s ability to answer these questions; if it turns out that the user responded incorrectly and inadvertently allowed access to a Trojan, the firewall was simply doing what it was told by granting access to this particular malicious program. In an attempt to alleviate this situation, the majority of firewalls now include a “white list” of known good applications and system services that are automatically granted network access without asking the user. To enhance the user’s understanding of individual activities and help in making the right decision when configuring new access permissions, some firewalls now incorporate a system of context-sensitive advice and live hints in this process.

In order to correctly handle network activity for the majority of internet-enabled applications not covered by the firewall’s existing white list, some sophisticated firewalls (including Outpost Firewall Pro and ZoneAlarm Pro) are supported by a continuously-updated online database of known good and known malicious programs that is regularly downloaded to users to minimize the number of questions users need to answer to keep their protection up to strength. But of course, no system is perfect, and not every software application will be included in any vendor’s list, so there will always be a few questions users need to answer for themselves.
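The decision order described in the last three paragraphs can be sketched as a small model. This is an added example, not code from the article or from any vendor's product; the program names, the list contents, the order in which the lists are checked and the `ask_user` callback are all constructed assumptions.

```python
# Added illustration: a toy model of an application firewall's decision order.
# Program names, list contents and the ask_user callback are constructed.
from dataclasses import dataclass, field

ALLOW, BLOCK = "allow", "block"

@dataclass
class AppFirewall:
    white_list: set                                  # bundled known-good programs
    known_bad: set = field(default_factory=set)      # downloaded database: malicious
    known_good: set = field(default_factory=set)     # downloaded database: good
    user_rules: dict = field(default_factory=dict)   # remembered user answers
    prompts: int = 0                                 # questions put to the user

    def decide(self, program, ask_user):
        """Return (verdict, reason) for one program's connection request."""
        if program in self.known_bad:
            return BLOCK, "vendor database"
        if program in self.white_list or program in self.known_good:
            return ALLOW, "known-good list"
        if program in self.user_rules:
            return self.user_rules[program], "remembered user rule"
        # Unknown program: the firewall can only ask, then obey the answer.
        self.prompts += 1
        self.user_rules[program] = ask_user(program)
        return self.user_rules[program], "user prompt"

def replay(firewall, requests, ask_user):
    """Feed connection requests through the firewall; return its decisions."""
    return [(p, *firewall.decide(p, ask_user)) for p in requests]

# Constructed requests: a browser, an unlisted tool, a Trojan posing as an updater.
REQUESTS = ["browser.exe", "backup-tool.exe", "updater.exe",
            "updater.exe", "browser.exe", "updater.exe"]

def careless_user(program):
    return ALLOW  # answers "allow" to every prompt

def demo():
    base = AppFirewall(white_list={"browser.exe"})
    updated = AppFirewall(white_list={"browser.exe"},
                          known_bad={"updater.exe"},
                          known_good={"backup-tool.exe"})
    return (replay(base, REQUESTS, careless_user), base.prompts,
            replay(updated, REQUESTS, careless_user), updated.prompts)

if __name__ == "__main__":
    base_log, base_prompts, upd_log, upd_prompts = demo()
    for label, log, n in (("bundled white list only", base_log, base_prompts),
                          ("with updated database", upd_log, upd_prompts)):
        print(f"{label}: {n} prompt(s)")
        for program, verdict, reason in log:
            print(f"  {program:16} {verdict:5} ({reason})")
```

With only the bundled white list, one wrong answer becomes a standing rule and the constructed Trojan is let through on every later request without another prompt; with the updated database the same requests produce no prompts at all.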

As we can see, firewalls are rarely clearly-defined traffic filters. Many now include additional functionality such as Host Intrusion Prevention systems (HIPS) to control local interactions and application activity, parental control features, safe surfing controls, advanced connection monitoring and logging systems, and other approaches that will be discussed in future articles.

Summary

What firewalls can do:

Guard network and internet connections against malicious or unwanted content.

Block known internal or external attacks and protect the integrity and privacy of intra-network data.

Because the firewall is a mutually exclusive tool, two firewalls cannot peacefully coexist on one system. Firewalls operate at a low level, communicating directly with networking hardware, and only one such set of communications can take place at one time.

Firewalls may slow data transfer speeds and use additional processor resources when monitoring large volumes of data being sent over high-speed connections.

Most firewalls also include some additional, secondary functionality such as parental controls or website content filtering which may cause interoperability issues with other security software offering similar functionality.

Conclusion

While this has been a brief overview/refresher on what firewalls can and cannot do, it’s clear that the firewall is a must-have element in any computer security product portfolio. Our next article will address the strengths and weaknesses of anti-virus, but if you have any questions in the meantime, please don’t hesitate to contact us through the Security Teacher comments space and we’ll do our best to help.

Nice post, made basic for the new user to read. Will forward to parents and some friends to have a read of it.
Personally running Agnitum (which links to this site in its news article) and it turns off the fairly useless Windows firewall by default.
Likewise, do not run 2 anti-virus systems, as it will not make you more secure, but will cause conflicts and might create gaps.

Please introduce an option to disable News in Outpost Firewall Version 2008! That’s how I got to this article. Very annoying. It really makes Agnitum look bad and contradictory to bombard us with ads and spam in a product designed to fight these same annoyances.

There is no way to disable News in Outpost Version 2008. In previous versions yes. In Version 2008 no.

You must be using an older version. I really do not care to be bombarded with adware and spam by a program designed to fight these same annoyances. It is a bit ironic and contradictory and makes Agnitum look bad. I cannot believe the programmers have not fixed this bug.

Still, please take into consideration the following: this kind of article is more suitable in the help area or something like this where you will find it as a definition. If I were you, I would post only news regarding your product: new modules, tests made by others, reviews, rewards, things like this that would make me happy for choosing your product. I don’t need the basics of the firewall because I have it and I know why.

Thanks guys for your opinions, I will try to take all your suggestions into consideration. Please write as much as you want to, criticize my articles and add important information and details you believe are important. This place is for discussion!

Great Article! Don’t listen to all those people who offer comments such as “too basic”, “already know this”. Some of us do not have the luck or ability to be nerds, and know everything about computers!
Keep up the good work!

I saw your article. I think it is great. I have been around computers for about 4 years and am really interested in how a firewall works and how to use it. I am very interested in security and have been reading a great deal about it. I am a sort of security fanatic. So being that I fully appreciate your article.

In some of the threads I have read here I found that some persons did not realise that there are people who are just beginners, some with limited knowledge, some who really know and some who are just dumb to security. Apparently they just don’t care about the other person.

I see what you are attempting and it’s great. Thank you for the newsletter, I will subscribe. I am pretty savvy as a user and I love the security aspect.